Article Info

Article history: Received Jan 11, 2019

Keywords: Non-functional requirements; Requirements classification; Security requirements; Software requirements; SVM

ABSTRACT

Software requirements, with their functional and non-functional parts, are the first important phase in producing an error-free software system. The functional requirements are the visible actions that can easily be evaluated from
non-functional requirements is security, which focuses on generating systems that are secure against strangers. Evaluating the security of the system in earlier steps will help to reduce the effort of revealing critical system threats. Security threats are found because of leaking security scenarios in the requirements phase. In this paper, we propose an intelligent model to extract and evaluate security features from scenarios based on a set of system security goals and a set of security requirements saved in a rich story scenarios dataset (RSSD). This model uses a support vector machine (SVM) classifier to classify the security requirements based on the RSS dataset. The use of SVM enhances the overall process of evaluating the security requirements. The results show a significant enhancement in security improvements.
1. INTRODUCTION

The software requirements are the most important step in developing good systems. Software requirements illustrate and identify what must be delivered to the software users. System requirements are represented in the form of use cases written in natural language [1]. Non-functional requirements are represented as software behaviors that are implemented on software systems (such as authorization and user authentication).

Achieving security requirements means testing for clues to insecure behaviors and then exploring potential vulnerabilities; most of these vulnerabilities arise from unexpected interactions between different system components [1]. In addition, the security of most component-based software development applications and systems is still not properly considered [2]. In most software systems, the security problem is to predict and evaluate security at an early stage of software development [2].

To ensure the availability of security requirements in given requirement scenarios, we propose a novel intelligent model to extract, classify and evaluate the security features from scenarios based on the generated RSSD, where the security requirement features are saved. Security features are evaluated from the scenarios by a set of acceptable system behaviors that show how these behaviors are shared among the system components. The rest of this paper consists of four sections: Section 2 reviews previous literature. Section 3 presents the methodology of the proposed work, the proposed algorithms and the method of collecting the non-functional security requirements. Section 4 presents the evaluation and the experimental results. Section 5 is the conclusion of this paper.


2. RELATED WORK 

Non-functional requirements (NFR) elicitation is very important to produce working software. One of the main NFRs is security; security requirements may be elicited during the software development lifecycle or after the software is developed, when weak points and penetrating attacks can be detected and patched. Besides that, many research studies found that eliciting security after producing the software costs much more than considering security in the initial phases of producing the software [3-6]. Weak security requirements in software system projects introduce risk management problems that need efficient computational techniques to find the security risk factors in the system [7, 8]. Several studies have been made on testing scenarios and security testing. Scenario-based specifications such as Message Sequence Charts (MSC) are checked for system behavior with the Labeled Transition System Analyzer (LTSA) [9]. Implied scenario detection for security testing reveals unexpected interactions between components [1]. Out of a formal specification language, a use case scenario is declared by extended UML 2.0 sequence diagrams to derive a test model that assists test designers with test-specific information for later execution [10]. Model-based testing (MBT) and test case selection techniques using triggers, guards, and genetic algorithm-based selection are used to detect real system faults [11].

In [12] the authors proposed a method for eliciting the non-functional security requirements using use cases. The proposed method was a systematic approach with emphasis on description and method guidelines. They extended the use case representation to include misuse. They also covered extra-functional requirements that imply security. Mustafa and Kamalrudin [13] proposed a new mathematical formulation to define the consistency validation rules of security requirements using a best-practice template pattern library. The method was based on a security-related semi-formalized model, called SecEssential Use Case (SecEUC). The approach was realized with a proof-of-concept prototype. Shambhu and Mishra [2] proposed a suitable guiding principle based on requirement specification and analysis of the software architecture, an approach used by software engineers to develop secure component-based software products. Portugal et al. [14] proposed a semi-automated process strategy for finding possible NFRs in a text based on keywords, by asking system stakeholders about a list of qualities. They used catalogs based on the NFR Framework as a supporting knowledge base. In [15] the authors proposed a dynamic model to collect and manage the requirements automatically. They proposed a requirement template compatible with the standard templates. The method was concerned with eliciting functional requirements into the proposed template. The authors in [16] proposed a PROM model for prediction and optimization of risk in management from the perspective of risk requirements in software engineering. The work was based on practical scenarios of software development practices in information technology. They used machine learning for a computationally cost-effective assessment of risk factors based on different quality standards of software projects. In [17] the authors proposed classification and identification of NFRs in structured texts; they used identification of keywords in texts with supervised methods to find security NFRs, and they achieved results with an average F-measure of 57%.


3. THE PROPOSED METHODOLOGY 

Functional and non-functional software requirements describe what the system can do and how it should work at the system level. System functional specifications include the description of system processes, that is to say the interaction between the user and the system as well as between subsystems [10]. Collecting system requirements is based on investigating the system processes. Descriptive software system requirements are the documented results of the intensive software analysis phase, as they are collected through various techniques such as interviews, surveys, and sampling methods. Software security requirements focus on producing secure systems that eliminate intruders' access to the system. Security testing is motivated by addressing undocumented assumptions and areas of particular complexity to determine how a program can be broken [18]. Software security testing is heavily addressed during the software analysis phase to verify that the system behaves as expected [19], using a set of security test scenario cases that are extracted from security test cases [1]. Security testing scenarios should identify vulnerabilities that arise from unexpected interactions between system components [1], and identify the behaviors and interactions of system components [20].

In this paper, we propose a new method to generate a database that contains the security system features and security goals of non-functional security requirements. This database will be the dataset of rich story scenarios of non-functional security requirements. This dataset will be used in the requirement analysis phase to classify and evaluate the security requirements from user scenarios. The proposed methodology and algorithms are illustrated in Figure 1.

Figure 1. The proposed methodology


3.1. Generating the System Security Goals and Security Requirements RSS Dataset 

In this stage, we propose an algorithm to create and build the system security goals and security requirements RSS dataset. This dataset can be used in the evaluating stage to find and evaluate the security requirements from the user scenario. In this section, we generate a table of security goals and convert the user scenario into a set of requirement statements; these statements are then converted into the RSSD table. The system security goals are extracted with the help of expert users and developers to construct the system security goals and keywords table (SGKT). This table includes the system name, the security goals, the security keywords and the required constraints in the system. Besides that, the set of requirement statements extracted from the user scenario is saved in the security requirement statements and security keywords table (SRSKT); this table includes the system name, the requirement statements, and the security keywords.


3.2. Generating the Security Goals, Keywords and Requirements Dataset

In this algorithm we use the user scenario to generate the SGKT and SRSKT dataset. This dataset will be the training dataset used in the proposed intelligent model to find and evaluate the security requirements from the user scenario at an early stage using the proposed detection process. The algorithm steps are as follows:

a) Create a security goals and keywords table (SGKT) that contains the system name, the security goals, and keywords, as shown in Table 1. This table can dynamically contain any number of systems with their attribute columns.

b) Create the security requirement statements and security keywords table (SRSKT); this table includes the system name (SNM), the requirement statements (RS), the security keywords (SK) and the requirement category type (RCT), as shown in Table 2. Each system name has many requirement statements, each with its security keywords and set of constraints.


Table 1. The Proposed System Security Goals Table (SGKT)

| System Name (SNM) | Scenario Description (SD) | Security Goals Keywords (SGK) |
|---|---|---|

Table 2. The Proposed Security Requirement Statements and Keywords Table (SRSKT)

| System Names (SNM) | Requirement Statements (RS) | Security Keywords (SGK) | Requirement Category (RCT) |
|---|---|---|---|


We consider that these two tables are created by expert users and developers, and that the information inserted into them is tested and trained by expert software engineering developers and users. These dataset tables will be used as the base dataset in the evaluation process, as an early step to find the security requirements before the system is started. Table 3 illustrates a sample of the dataset with an example of a security scenario and security goals, where the security goals specify what the system should prevent, not how it should accomplish that prevention. In addition, the requirement constraint must contribute to the satisfaction of a security goal; therefore the security requirements are maintained as constraints on a functional requirement and used as security keywords. Besides that, Table 4 shows an example of converting the scenarios into a set of requirement statements, security keywords, and requirement category.


Table 3. Example of Security Scenario and Security Goals and Keywords

| System Name (SNM) | Scenario Description (SD) | Security Goals Keywords (SGK) |
|---|---|---|
| System name1 | The application shall protect the confidentiality of data. Also, it shall preserve the integrity of data, and shall promote the availability of data for authorized use. Besides that, it shall prevent/detect action on/to/with asset. | Protect, Confidentiality, Preserve, Integrity, Availability, Authorized, Prevent, Detect |
| System name2 | The application shall require user identification and authentication by using a password that is at least 8 characters long and modify their passwords at least once a month. Also the application shall use a COTS public-key encryption and decryption package to ensure that confidential data remains secure. Furthermore, the application shall use the MD5 128-bit hash code to ensure the detection of corrupted messages. | Identification, Authentication, Encryption, Decryption, Confidential, Detection |


Table 4. Example of Converting the Scenarios into a Set of Requirement Statements, Security Keywords, and Requirement Category

| System Names (SNM) | Requirement Statements (RS) | Security Keywords (SGK) | Requirement Category (RCT) |
|---|---|---|---|
| System name1 | The application shall protect the confidentiality of data. | Protect, Confidentiality | Non-functional security requirement |
| System name1 | The application shall preserve the integrity of data. | Preserve, Integrity | Non-functional security requirement |
| System name1 | The application shall promote the availability of data for authorized use. | Availability, Authorized | Non-functional security requirement |
| System name2 | The application shall require user identification and authentication by using a password that is at least 8 characters long and modify their passwords at least once a month. | Identification, Authentication | Non-functional security requirement |
| System name2 | The application shall use a COTS public-key encryption and decryption package to ensure that confidential data remains secure. | Encryption, Decryption, Confidential | Non-functional security requirement |
| System name2 | The application shall use the MD5 128-bit hash code to ensure the detection of corrupted messages. | Detection | Non-functional security requirement |


3.3. Converting the User Scenario into a Set of Requirement Statements and Security Keywords

In this algorithm we convert the user scenario into a set of requirement statements. These statements are scanned to extract the security goals and keywords based on the proposed dataset in Section 3.2, using a support vector machine (SVM) classifier to detect the existence of security keywords in the security goals, keywords and requirements dataset. The proposed algorithms are illustrated below:

Algorithm 1: From user scenario into a set of requirement statements and security keywords
1) Open the SGKT and SRSKT (RSS) dataset tables.
2) Insert the system name and user scenario.
3) Write the system name and user scenario into the SGKT table.
4) Read the user scenario:
a) Correct the user scenario text for detection errors.
b) Convert the user scenario text into a set of statement lines:
- Split the user scenario into lines as requirement statements based on the (.) dot punctuation mark, and remove stop characters by using the General Architecture for Text Engineering (GATE) [21].
- Use standard tokenization, sentence splitting and stemming, as shown in the classifier design in Figure 2.
5) For each requirement statement line, search for each word in the text using the detection method proposed in Algorithm 2, by comparing it with the trained security keywords dataset.
- If the word exists in the security keywords dataset:
a. Accept the requirement statement as a non-functional security requirement.
b. Return the word as a security keyword.
6) Repeat steps 4 and 5 until all user scenarios are finished.


Figure 2. The classifier design (sentence splitter, tokenization, stemmer, SVM classifier)


Algorithm 2: Classifying and Evaluating the Security Features and Keywords using the SVM Classifier

In this phase we use an intelligent method to detect and find the security requirements based on security keywords from the user scenario. This method uses a detection technique based on an SVM classifier to classify the non-functional requirements with the security goals and keywords. In this algorithm we use the training database of saved security goals and keywords as follows:

1) Build a machine learning classifier using the training database, based on an NFR classifier for requirement scenario statements.

2) Classify the input sentences into 2 major categories, FR/NFR [22-24], focusing on NFR with 6 categories: security, efficiency, reliability, functionality, and usability/utility, which are defined as quality standards in [24] and [25].

3) Classify the keywords of the security class as (Protect, Confidentiality, Authorized, Authentication, Encryption, Decryption, Confidential and Detection).

4) Convert the resulting set of keywords into a set of training/testing features. The features used are the unigrams of the sentences' tokens, using their stems.

5) Use a binary SVM classifier for each type of NFR, since some sentences contain two or more types of requirements. Figure 3 illustrates the model for evaluating the security keywords using the SVM classifier.
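As an added worked example (not code from the paper), the pipeline of Algorithm 2 in Python: statements are tokenized, stop-word-filtered and stemmed into unigram features, one binary linear SVM per security class is trained, and held-out statements are scored with the precision, recall and F-measure of Section 4.1. The training rows, stop-word list and suffix stemmer are constructed stand-ins for the paper's SRSKT dataset and GATE tooling, and the Pegasos subgradient solver is an assumption, since the paper does not name its SVM implementation.

```python
import re
CLASSES = ("PR", "CO", "AZ", "AN", "EN", "DE", "DT")   # the paper's seven security classes

# Constructed rows in the shape of the SRSKT table: a requirement statement and its set of
# security classes. The first row is Table 4's own multi-class example; the last has none.
TRAINING = [
    ("The application shall protect the confidentiality of data.", {"PR", "CO"}),
    ("The application shall promote the availability of data for authorized use.", {"AZ"}),
    ("Administrators must be authorized before changing payroll data.", {"AZ"}),
    ("The application shall require user identification and authentication by password.", {"AN"}),
    ("Every login shall authenticate the employee with a second factor.", {"AN"}),
    ("The application shall use a COTS public-key encryption package.", {"EN"}),
    ("Backups shall be encrypted at rest.", {"EN"}),
    ("Decryption keys shall be held in a hardware module.", {"DE"}),
    ("The application shall use a hash code to ensure the detection of corrupted messages.", {"DT"}),
    ("The audit service shall detect repeated failed logins.", {"DT"}),
    ("The payroll report is generated on the last day of the month.", set()),
]
STOPWORDS = {"the", "a", "an", "of", "for", "to", "and", "by", "be", "is", "are", "shall",
             "must", "can", "with", "their", "from", "on", "at", "in", "it", "only", "every",
             "before", "against", "each", "via", "within", "application", "system", "all"}
SUFFIXES = ("ality", "ation", "ated", "ate", "ity", "ion", "ing", "ed", "es", "al", "s", "e")

def stem(word):
    # Crude suffix stripping standing in for the stemmer of Figure 2 (an assumption).
    for suf in SUFFIXES:
        if word.endswith(suf) and len(word) - len(suf) >= 3:
            return word[:-len(suf)]
    return word

def features(statement):
    # Algorithm 2, step 4: unigram features are the statement's stemmed tokens.
    return {stem(w) for w in re.findall(r"[a-z]+", statement.lower()) if w not in STOPWORDS}

def train_binary_svm(rows, cls, lam=0.01, epochs=20):
    # One linear SVM per class (Algorithm 2, step 5), trained with the Pegasos subgradient
    # rule so the example needs no ML library; the paper does not name its SVM solver.
    w, t = {}, 0
    for _ in range(epochs):
        for statement, labels in rows:
            t += 1
            eta = 1.0 / (lam * t)
            x, y = features(statement), (1 if cls in labels else -1)
            margin = y * sum(w.get(f, 0.0) for f in x)
            for f in w:                      # regularisation shrink
                w[f] *= 1.0 - eta * lam
            if margin < 1:                   # hinge-loss violation: step toward y*x
                for f in x:
                    w[f] = w.get(f, 0.0) + eta * y
    return w

def classify(models, statement):
    # A statement may carry several classes, so every SVM with a positive score fires.
    x = features(statement)
    return {cls for cls, w in models.items() if sum(w.get(f, 0.0) for f in x) > 0}

def precision_recall_f(tp, fp, fn):
    # The three metrics of Section 4.1 (0.0 where a denominator is zero).
    p = tp / (tp + fp) if tp + fp else 0.0
    r = tp / (tp + fn) if tp + fn else 0.0
    return p, r, (2 * p * r / (p + r) if p + r else 0.0)

def evaluate(models, rows):
    # Per-class (precision, recall, F-measure) over labelled held-out statements.
    counts = {cls: [0, 0, 0] for cls in CLASSES}    # TP, FP, FN
    for statement, labels in rows:
        predicted = classify(models, statement)
        for cls in CLASSES:
            hit, truth = cls in predicted, cls in labels
            counts[cls][0] += int(hit and truth)
            counts[cls][1] += int(hit and not truth)
            counts[cls][2] += int(truth and not hit)
    return {cls: precision_recall_f(*c) for cls, c in counts.items()}
```

Because each class has a keyword stem that occurs only in that class's positive rows, its SVM fires on a new statement carrying that stem even when the statement's other words were never seen in training; a statement that uses an unseen synonym (for example "cipher" instead of "encrypt") is missed, which is the false-negative case the recall metric captures.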


4. EXPERIMENTAL RESULTS 

To evaluate the proposed methodology and algorithms we apply a set of experiments based on our generated database. We use Human Resource (HR) system documentation and scenarios prepared from different legacy systems with the help of a set of expert users and developers.

We use a sample of 55% of the available HR documentation, in different categories, in the training phase, and we use 45% of the HR documentation in the testing phase. This database is used to train the proposed model as in Algorithm 1 and Algorithm 2.

The resulting features are saved in the database to be used in the testing phase. The results in Table 5 show the number of tested class sentences per user scenario document, for the set of NFR security features (PR: Protect, CO: Confidentiality, AZ: Authorized, AN: Authentication, EN: Encryption, DE: Decryption, DT: Detection).
Figure 3. Classifying and evaluating the security keywords model using the SVM classifier





Table 5. The Tested Classes for Each User Scenario Document based on the Set of NFR Security Features

| HR system user scenario documents | | | | PR | CO | AZ | AN | EN | DE | DT |
|---|---|---|---|---|---|---|---|---|---|---|
| User scenario 1 | 14 | 31 | 22 | 1 | 1 | 6 | - | 2 | 2 | 3 |
| User scenario 2 | 49 | 47 | 28 | | 2 | 7 | 8 | 3 | 4 | 2 |
| User scenario 3 | 65 | 98 | 45 | 5 | 4 | 11 | 13 | 5 | 6 | 1 |
| User scenario 4 | 72 | 112 | 24 | | 2 | 7 | 6 | 3 | 3 | 1 |
| Total | 200 | 288 | 119 | 10 | 9 | 31 | 34 | 13 | 15 | 7 |


4.1. Evaluation of Non Functional Requirements (NFR) 

The SVM classifier is evaluated on the tested requirements using the user scenarios from 4 different HR systems, based on the proposed 7 security classes. The results are evaluated using the metrics of Precision, Recall and F-Measure [21], defined as follows:

$$\text{Precision} = \frac{TP}{TP + FP},$$

$$\text{Recall} = \frac{TP}{TP + FN},$$

$$\text{F-measure} = \frac{2 \times \text{Precision} \times \text{Recall}}{\text{Precision} + \text{Recall}},$$

where TP (True Positive) is the number of correctly classified requirements, FP (False Positive) the number of requirements incorrectly classified, and FN (False Negative) the number of requirements incorrectly not classified. Results of the SVM classifier on the given 7 security classes are shown in Table 6.


Table 6. The Results of the SVM Classifier on the 7 Security Classes

| Security Class | Precision | Recall | F-Measure |
|---|---|---|---|
| PR | 90.9% | 90.9% | 90.9% |
| CO | 90.0% | 90.0% | 90.0% |
| AZ | 93.9% | 91.2% | 92.5% |
| AN | 94.4% | 94.4% | 94.4% |
| EN | 92.9% | 92.9% | 92.9% |
| DE | 93.8% | 93.8% | 93.8% |
| DT | 100.0% | 87.5% | 93.3% |
| Average | 93.70% | 91.53% | 92.54% |
5. DISCUSSION

The proposed model shows a significant improvement in identifying the non-functional security requirements over unstructured text in the user scenario. This model was implemented and tested over different user scenarios. The proposed approach is a fully automated method that can be used in eliciting requirements, especially non-functional security requirements. Our results are compared with the semi-automated process strategy called NFRFinder proposed in [14]; its results were tested over structured text relative to a requirements template and were not tested over unstructured text. NFRFinder [14] performed better on structured samples, with an F1-measure of 72%. Besides that, our proposed model shows high performance and high accuracy rates, with an F1-measure of 92.54%. Moreover, our proposed method can classify the security requirements into 7 classes based on our generated database. Table 7 illustrates the comparison between our proposed method and the methods proposed in [14] and [17]. The proposed method was tested for the 7 classes that were trained in our database; the method can be expanded by adding a new training dataset with new requirements. Also, our method needs to be trained on different application systems to become a compatible tool for any user scenario system in the future.


Table 7. The Comparison between our Proposed Method and the Methods Proposed in [14, 17]

| Method | Precision | Recall | F-Measure |
|---|---|---|---|
| The proposed method | 93.70% | 91.53% | 92.54% |
| NFRFinder [14] | 73.00% | 61.00% | 72.00% |
| Huang et al. [17] | 56.7% | 78.9% | 57.00% |


6. CONCLUSION 

The proposed method helps developers and system analysts in classifying the requirements into FR and NFR. In addition, this model classifies the NFR security requirements into 7 classes; these classes are trained to build a non-functional security requirements database. This database is used in testing the new requirements and classifying them into different security requirement features. The proposed model is tested using several HR requirements that are collected from different HR systems. The results show high accuracy compared with manual methods of collecting the security requirements. In addition, the use of a linear SVM classifier improves the accuracy and the performance of the process in which the security requirement classes are evaluated. The result shows a high accuracy rate of 93.70%. This method is a new and novel approach to find and classify the security requirements into a set of security categories.